@tonejito
Last active June 2, 2023 01:59
Harry Potter and the cursed ARO k8s volume mounts
# .gitignore
**/old
# [NOTE]
# ====
# You have to convert the DeploymentConfig to a Deployment to avoid using an ImageStream
#
# Once you have a Deployment just set '.spec.template.spec.containers[0].image' and point it to a "well known" (and hopefully public) MySQL/MariaDB image
# ====
# $ oc process template/mariadb-ephemeral -n openshift --parameters
# NAME                    DESCRIPTION                                                                GENERATOR    VALUE
# MEMORY_LIMIT            Maximum amount of memory the container can use.                                         512Mi
# NAMESPACE               The OpenShift Namespace where the ImageStream resides.                                  openshift
# DATABASE_SERVICE_NAME   The name of the OpenShift Service exposed for the database.                             mariadb
# MYSQL_USER              Username for MariaDB user that will be used for accessing the database.    expression   user[A-Z0-9]{3}
# MYSQL_PASSWORD          Password for the MariaDB connection user.                                  expression   [a-zA-Z0-9]{16}
# MYSQL_ROOT_PASSWORD     Password for the MariaDB root user.                                        expression   [a-zA-Z0-9]{16}
# MYSQL_DATABASE          Name of the MariaDB database accessed.                                                  sampledb
# MARIADB_VERSION         Version of MariaDB image to be used (10.3-el7, 10.3-el8, or latest).                    10.3-el8
# $ oc process template/mariadb-ephemeral -n openshift \
#   -p MYSQL_ROOT_PASSWORD='root' \
#   -p MYSQL_DATABASE='database' \
#   -p MYSQL_USER='user' \
#   -p MYSQL_PASSWORD='password' \
#   -o yaml
---
apiVersion: v1
items:
- apiVersion: v1
  kind: Secret
  metadata:
    annotations:
      template.openshift.io/expose-database_name: '{.data[''database-name'']}'
      template.openshift.io/expose-password: '{.data[''database-password'']}'
      template.openshift.io/expose-root_password: '{.data[''database-root-password'']}'
      template.openshift.io/expose-username: '{.data[''database-user'']}'
    labels:
      app.openshift.io/runtime: mariadb
      template: mariadb-ephemeral-template
    name: mariadb
  stringData:
    database-name: database
    database-password: password
    database-root-password: root
    database-user: user
- apiVersion: v1
  kind: Service
  metadata:
    annotations:
      template.openshift.io/expose-uri: mysql://{.spec.clusterIP}:{.spec.ports[?(.name=="mariadb")].port}
    labels:
      app.openshift.io/runtime: mariadb
      template: mariadb-ephemeral-template
    name: mariadb
  spec:
    ports:
    - name: mariadb
      port: 3306
    selector:
      name: mariadb
- apiVersion: apps.openshift.io/v1
  kind: DeploymentConfig
  metadata:
    annotations:
      template.alpha.openshift.io/wait-for-ready: "true"
    labels:
      app.openshift.io/runtime: mariadb
      template: mariadb-ephemeral-template
    name: mariadb
  spec:
    replicas: 1
    selector:
      name: mariadb
    strategy:
      type: Recreate
    template:
      metadata:
        labels:
          name: mariadb
      spec:
        containers:
        - env:
          - name: MYSQL_USER
            valueFrom:
              secretKeyRef:
                key: database-user
                name: mariadb
          - name: MYSQL_PASSWORD
            valueFrom:
              secretKeyRef:
                key: database-password
                name: mariadb
          - name: MYSQL_ROOT_PASSWORD
            valueFrom:
              secretKeyRef:
                key: database-root-password
                name: mariadb
          - name: MYSQL_DATABASE
            valueFrom:
              secretKeyRef:
                key: database-name
                name: mariadb
          image: ' '
          imagePullPolicy: IfNotPresent
          livenessProbe:
            exec:
              command:
              - /bin/sh
              - -i
              - -c
              - MYSQL_PWD="$MYSQL_PASSWORD" mysqladmin -u $MYSQL_USER ping
            initialDelaySeconds: 30
            timeoutSeconds: 1
          name: mariadb
          ports:
          - containerPort: 3306
          readinessProbe:
            exec:
              command:
              - /bin/sh
              - -i
              - -c
              - MYSQL_PWD="$MYSQL_PASSWORD" mysqladmin -u $MYSQL_USER ping
            initialDelaySeconds: 5
            timeoutSeconds: 1
          resources:
            limits:
              memory: 512Mi
          volumeMounts:
          - mountPath: /var/lib/mysql/data
            name: mariadb-data
        volumes:
        - emptyDir:
            medium: ""
          name: mariadb-data
    triggers:
    - imageChangeParams:
        automatic: true
        containerNames:
        - mariadb
        from:
          kind: ImageStreamTag
          name: mariadb:10.3-el8
          namespace: openshift
      type: ImageChange
    - type: ConfigChange
kind: List
metadata: {}
# [NOTE]
# ====
# You have to convert the DeploymentConfig to a Deployment to avoid using an ImageStream
#
# Once you have a Deployment just set '.spec.template.spec.containers[0].image' and point it to a "well known" (and hopefully public) MySQL/MariaDB image
# ====
# $ oc process template/mariadb-persistent -n openshift --parameters
# NAME                    DESCRIPTION                                                                GENERATOR    VALUE
# MEMORY_LIMIT            Maximum amount of memory the container can use.                                         512Mi
# NAMESPACE               The OpenShift Namespace where the ImageStream resides.                                  openshift
# DATABASE_SERVICE_NAME   The name of the OpenShift Service exposed for the database.                             mariadb
# MYSQL_USER              Username for MariaDB user that will be used for accessing the database.    expression   user[A-Z0-9]{3}
# MYSQL_PASSWORD          Password for the MariaDB connection user.                                  expression   [a-zA-Z0-9]{16}
# MYSQL_ROOT_PASSWORD     Password for the MariaDB root user.                                        expression   [a-zA-Z0-9]{16}
# MYSQL_DATABASE          Name of the MariaDB database accessed.                                                  sampledb
# MARIADB_VERSION         Version of MariaDB image to be used (10.3-el7, 10.3-el8, or latest).                    10.3-el8
# VOLUME_CAPACITY         Volume space available for data, e.g. 512Mi, 2Gi.                                       1Gi
# $ oc process template/mariadb-persistent -n openshift \
#   -p MYSQL_ROOT_PASSWORD='root' \
#   -p MYSQL_DATABASE='database' \
#   -p MYSQL_USER='user' \
#   -p MYSQL_PASSWORD='password' \
#   -p VOLUME_CAPACITY='1Gi' \
#   -o yaml
---
apiVersion: v1
items:
- apiVersion: v1
  kind: Secret
  metadata:
    annotations:
      template.openshift.io/expose-database_name: '{.data[''database-name'']}'
      template.openshift.io/expose-password: '{.data[''database-password'']}'
      template.openshift.io/expose-root_password: '{.data[''database-root-password'']}'
      template.openshift.io/expose-username: '{.data[''database-user'']}'
    labels:
      app.openshift.io/runtime: mariadb
      template: mariadb-persistent-template
    name: mariadb
  stringData:
    database-name: database
    database-password: password
    database-root-password: root
    database-user: user
- apiVersion: v1
  kind: Service
  metadata:
    annotations:
      template.openshift.io/expose-uri: mysql://{.spec.clusterIP}:{.spec.ports[?(.name=="mariadb")].port}
    labels:
      app.openshift.io/runtime: mariadb
      template: mariadb-persistent-template
    name: mariadb
  spec:
    ports:
    - name: mariadb
      port: 3306
    selector:
      name: mariadb
- apiVersion: v1
  kind: PersistentVolumeClaim
  metadata:
    labels:
      app.openshift.io/runtime: mariadb
      template: mariadb-persistent-template
    name: mariadb
  spec:
    accessModes:
    - ReadWriteOnce
    resources:
      requests:
        storage: 1Gi
- apiVersion: apps.openshift.io/v1
  kind: DeploymentConfig
  metadata:
    annotations:
      template.alpha.openshift.io/wait-for-ready: "true"
    labels:
      app.openshift.io/runtime: mariadb
      template: mariadb-persistent-template
    name: mariadb
  spec:
    replicas: 1
    selector:
      name: mariadb
    strategy:
      type: Recreate
    template:
      metadata:
        labels:
          name: mariadb
      spec:
        containers:
        - env:
          - name: MYSQL_USER
            valueFrom:
              secretKeyRef:
                key: database-user
                name: mariadb
          - name: MYSQL_PASSWORD
            valueFrom:
              secretKeyRef:
                key: database-password
                name: mariadb
          - name: MYSQL_ROOT_PASSWORD
            valueFrom:
              secretKeyRef:
                key: database-root-password
                name: mariadb
          - name: MYSQL_DATABASE
            valueFrom:
              secretKeyRef:
                key: database-name
                name: mariadb
          image: ' '
          imagePullPolicy: IfNotPresent
          livenessProbe:
            exec:
              command:
              - /bin/sh
              - -i
              - -c
              - MYSQL_PWD="$MYSQL_PASSWORD" mysqladmin -u $MYSQL_USER ping
            initialDelaySeconds: 30
            timeoutSeconds: 1
          name: mariadb
          ports:
          - containerPort: 3306
          readinessProbe:
            exec:
              command:
              - /bin/sh
              - -i
              - -c
              - MYSQL_PWD="$MYSQL_PASSWORD" mysqladmin -u $MYSQL_USER ping
            initialDelaySeconds: 5
            timeoutSeconds: 1
          resources:
            limits:
              memory: 512Mi
          volumeMounts:
          - mountPath: /var/lib/mysql/data
            name: mariadb-data
        volumes:
        - name: mariadb-data
          persistentVolumeClaim:
            claimName: mariadb
    triggers:
    - imageChangeParams:
        automatic: true
        containerNames:
        - mariadb
        from:
          kind: ImageStreamTag
          name: mariadb:10.3-el8
          namespace: openshift
      type: ImageChange
    - type: ConfigChange
kind: List
metadata: {}
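The NOTE above says to turn the template's DeploymentConfig into a Deployment and point the container at a concrete image instead of the ImageStream. The script below is an added example, not part of the gist, that does that conversion mechanically on `oc process ... -o json` output (the JSON form of the List shown above): it rewrites apiVersion/kind, turns the DC's flat `selector` into `selector.matchLabels`, drops the `triggers` and the DC-only wait-for-ready annotation, and fills in the blank `image: ' '` placeholder. It also checks that the Service selector still matches the pod template labels, which is easy to break when relabelling a hand-written Deployment. The embedded List is a constructed, trimmed copy of the mariadb-ephemeral output; the image reference, file name and function names are this example's own choices.

```python
"""Convert the DeploymentConfig from `oc process ... -o json` into an apps/v1 Deployment.

Added example, not part of the gist. It assumes the List layout shown on the page;
SAMPLE_LIST is a constructed, trimmed copy of the mariadb-ephemeral template output.
"""
import copy
import json
import sys

# Constructed sample input (trimmed `oc process template/mariadb-ephemeral -o json`).
SAMPLE_LIST = json.loads(r"""
{
  "apiVersion": "v1",
  "kind": "List",
  "items": [
    {"apiVersion": "v1", "kind": "Service",
     "metadata": {"name": "mariadb"},
     "spec": {"ports": [{"name": "mariadb", "port": 3306}],
              "selector": {"name": "mariadb"}}},
    {"apiVersion": "apps.openshift.io/v1", "kind": "DeploymentConfig",
     "metadata": {"name": "mariadb",
                  "annotations": {"template.alpha.openshift.io/wait-for-ready": "true"},
                  "labels": {"template": "mariadb-ephemeral-template"}},
     "spec": {"replicas": 1,
              "selector": {"name": "mariadb"},
              "strategy": {"type": "Recreate"},
              "template": {"metadata": {"labels": {"name": "mariadb"}},
                           "spec": {"containers": [{"name": "mariadb", "image": " "}],
                                    "volumes": [{"name": "mariadb-data",
                                                 "emptyDir": {"medium": ""}}]}},
              "triggers": [{"type": "ImageChange",
                            "imageChangeParams": {"automatic": true,
                                                  "containerNames": ["mariadb"],
                                                  "from": {"kind": "ImageStreamTag",
                                                           "name": "mariadb:10.3-el8",
                                                           "namespace": "openshift"}}},
                           {"type": "ConfigChange"}]}}
  ]
}
""")

# DeploymentConfig strategy names -> Deployment strategy names.
STRATEGY_MAP = {"Recreate": "Recreate", "Rolling": "RollingUpdate"}


def dc_to_deployment(dc, image):
    """Return an apps/v1 Deployment equivalent to DeploymentConfig `dc`.

    The DC's flat `selector` map becomes `selector.matchLabels`, `triggers` are dropped
    (ImageStream-driven rollouts have no Deployment equivalent), the DC-only
    wait-for-ready annotation is removed, and any blank image placeholder (the ' '
    the template emits) is replaced with `image`. The input is not modified.
    """
    dc = copy.deepcopy(dc)
    spec = dc["spec"]
    strategy = spec.get("strategy", {}).get("type", "Recreate")
    if strategy not in STRATEGY_MAP:
        raise ValueError(f"cannot map DeploymentConfig strategy {strategy!r}")
    metadata = dc["metadata"]
    metadata.get("annotations", {}).pop("template.alpha.openshift.io/wait-for-ready", None)
    template = spec["template"]
    for container in template["spec"]["containers"]:
        if not container.get("image", "").strip():
            container["image"] = image
    return {
        "apiVersion": "apps/v1",
        "kind": "Deployment",
        "metadata": metadata,
        "spec": {
            "replicas": spec.get("replicas", 1),
            "selector": {"matchLabels": dict(spec["selector"])},
            "strategy": {"type": STRATEGY_MAP[strategy]},
            "template": template,
        },
    }


def service_selector_matches(service, deployment):
    """True when every Service selector label is present on the Deployment's pod template."""
    pod_labels = deployment["spec"]["template"]["metadata"].get("labels", {})
    return all(pod_labels.get(k) == v for k, v in service["spec"]["selector"].items())


def convert_list(obj, image):
    """Rewrite every DeploymentConfig in a List; other items pass through untouched."""
    items = [dc_to_deployment(i, image) if i.get("kind") == "DeploymentConfig" else i
             for i in obj["items"]]
    return {"apiVersion": "v1", "kind": "List", "items": items}


if __name__ == "__main__":
    # Usage: oc process template/mariadb-ephemeral -n openshift -o json | python3 dc2deploy.py IMAGE
    src = json.load(sys.stdin) if not sys.stdin.isatty() else SAMPLE_LIST
    target = sys.argv[1] if len(sys.argv) > 1 else "quay.io/redhattraining/mariadb:105-1-125"
    result = convert_list(src, target)
    svc = [i for i in result["items"] if i["kind"] == "Service"]
    dep = [i for i in result["items"] if i["kind"] == "Deployment"]
    if svc and dep and not service_selector_matches(svc[0], dep[0]):
        sys.exit("Service selector does not match the Deployment pod template labels")
    print(json.dumps(result, indent=2))
```

The output is still a List, so it can be piped straight into `oc apply -f -`. The selector check is deliberately run after conversion: the template's Service selects `name: mariadb`, so a Deployment whose pod template only carries `app: mariadb` will get no endpoints, and the script exits non-zero instead of applying a Service that silently matches nothing.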
# Apply the rbac.yaml file and uncomment the 'serviceAccountName' field of the Deployment to run the Pod with a specific ServiceAccount
# oc new-project mj-aro
# oc create sa storage-sa
# oc adm policy add-scc-to-user anyuid -z storage-sa
# oc set serviceaccount deployment/mariadb storage-sa
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  labels:
    app: mariadb
  name: mariadb
spec:
  #
  # Storage classes in a DO280 classroom
  #
  # - file storage (not appropriate for a database)
  # storageClassName: nfs-storage
  #
  # - block storage (appropriate for a database)
  storageClassName: lvms-vg1
  #
  # Storage classes in ARO (Azure)
  # storageClassName: managed-premium
  # (I believe this is block storage, but correct me if I'm wrong)
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 4Gi
---
apiVersion: v1
kind: Secret
metadata:
  labels:
    app: mariadb
  name: mariadb
stringData:
  database-name: do120db
  database-password: redhat
  database-root-password: redhat
  database-user: operator1
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: mariadb
  name: mariadb
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mariadb
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: mariadb
    spec:
      containers:
      - name: mariadb
        # I mirrored the image to Quay because my cluster didn't have the appropriate Image Pull Secrets in place
        # image: registry.redhat.io/rhel9/mariadb-105
        image: quay.io/redhattraining/mariadb:105-1-125
        env:
        - name: MYSQL_USER
          valueFrom:
            secretKeyRef:
              key: database-user
              name: mariadb
        - name: MYSQL_PASSWORD
          valueFrom:
            secretKeyRef:
              key: database-password
              name: mariadb
        - name: MYSQL_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              key: database-root-password
              name: mariadb
        - name: MYSQL_DATABASE
          valueFrom:
            secretKeyRef:
              key: database-name
              name: mariadb
        ports:
        - containerPort: 3306
        livenessProbe:
          exec:
            command:
            - /bin/sh
            - -i
            - -c
            - MYSQL_PWD="$MYSQL_PASSWORD" mysqladmin -u $MYSQL_USER ping
          initialDelaySeconds: 30
          timeoutSeconds: 1
        readinessProbe:
          exec:
            command:
            - /bin/sh
            - -i
            - -c
            - MYSQL_PWD="$MYSQL_PASSWORD" mysqladmin -u $MYSQL_USER ping
          initialDelaySeconds: 5
          timeoutSeconds: 1
        resources:
          # Warning: No CPU limit specified for this container, this could starve other processes
          limits:
            memory: 512Mi
        # https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
        securityContext:
          privileged: false
          runAsNonRoot: true
          allowPrivilegeEscalation: false
          # seccompProfile can be set as RuntimeDefault, Unconfined, and Localhost
          seccompProfile:
            type: RuntimeDefault
          capabilities:
            drop:
            - ALL
        volumeMounts:
        - mountPath: /var/lib/mysql/data
          name: mariadb-data
      # oc set serviceaccount deployment/mariadb storage-sa
      # The above command adds the `serviceAccountName` parameter to the deployment
      # serviceAccountName: storage-sa
      # Can't add this when running in 'restricted*' PSA
      # securityContext:
      #   # matches project/namespace 'sa.scc.supplemental-groups' annotation
      #   fsGroup: 1000820000
      #   # These two fail because they don't match the annotation range
      #   # fsGroup: 0  # root
      #   # fsGroup: 27 # mysql
      volumes:
      - name: mariadb-data
        persistentVolumeClaim:
          claimName: mariadb
        # 'defaultMode' is not a field of a persistentVolumeClaim volume (only configMap,
        # secret, downwardAPI and projected volumes have it), so the API server either
        # rejects or ignores it depending on field validation; permissions on PVC data
        # come from the pod-level fsGroup instead.
        # defaultMode: 0777
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: mariadb
  name: mariadb
spec:
  ports:
  - name: mariadb
    port: 3306
    targetPort: 3306 # Added to get rid of a warning
  selector:
    # Must match the pod template labels of the Deployment above ('app: mariadb');
    # the template's original 'name: mariadb' selector would match no pods here
    app: mariadb
# oc get project/mj-aro -o yaml
apiVersion: project.openshift.io/v1
kind: Project
metadata:
  annotations:
    openshift.io/description: ""
    openshift.io/display-name: ""
    openshift.io/requester: admin
    openshift.io/sa.scc.mcs: s0:c29,c4
    openshift.io/sa.scc.supplemental-groups: 1000820000/10000
    openshift.io/sa.scc.uid-range: 1000820000/10000
  labels:
    kubernetes.io/metadata.name: mj-aro
    pod-security.kubernetes.io/audit: restricted
    pod-security.kubernetes.io/audit-version: v1.24
    pod-security.kubernetes.io/warn: restricted
    pod-security.kubernetes.io/warn-version: v1.24
  name: mj-aro
spec:
  finalizers:
  - kubernetes
status:
  phase: Active
---
# oc get namespace/mj-aro -o yaml
apiVersion: v1
kind: Namespace
metadata:
  annotations:
    openshift.io/description: ""
    openshift.io/display-name: ""
    openshift.io/requester: admin
    openshift.io/sa.scc.mcs: s0:c29,c4
    openshift.io/sa.scc.supplemental-groups: 1000820000/10000
    openshift.io/sa.scc.uid-range: 1000820000/10000
  labels:
    kubernetes.io/metadata.name: mj-aro
    pod-security.kubernetes.io/audit: restricted
    pod-security.kubernetes.io/audit-version: v1.24
    pod-security.kubernetes.io/warn: restricted
    pod-security.kubernetes.io/warn-version: v1.24
  name: mj-aro
spec:
  finalizers:
  - kubernetes
status:
  phase: Active
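The commented-out fsGroup values in the Deployment above (1000820000 works, 0 and 27 fail) are explained by the `openshift.io/sa.scc.supplemental-groups` and `openshift.io/sa.scc.uid-range` annotations on the project: the restricted SCC only admits fsGroup, supplementalGroups and runAsUser values drawn from those pre-allocated blocks, which is why granting `anyuid` to a dedicated ServiceAccount is the escape hatch. The following is an added example, not part of the gist, that parses the annotation format (`<start>/<size>`, also `<lo>-<hi>`, several blocks comma-separated) and checks a pod securityContext against it before you submit the Deployment. The annotation values are copied from the project output above; the function names are this example's own.

```python
"""Check fsGroup / runAsUser in a pod securityContext against the project's SCC range annotations.

Added example, not part of the gist. It assumes the annotation formats OpenShift uses for
openshift.io/sa.scc.supplemental-groups and openshift.io/sa.scc.uid-range: blocks written
as "<start>/<size>" or "<lo>-<hi>", several blocks separated by commas.
"""

# Same values as the `oc get project/mj-aro -o yaml` output above (constructed dict).
PROJECT_ANNOTATIONS = {
    "openshift.io/sa.scc.supplemental-groups": "1000820000/10000",
    "openshift.io/sa.scc.uid-range": "1000820000/10000",
}

# Which pod securityContext field the restricted SCC validates against which annotation.
FIELD_TO_ANNOTATION = {
    "fsGroup": "openshift.io/sa.scc.supplemental-groups",
    "supplementalGroups": "openshift.io/sa.scc.supplemental-groups",
    "runAsUser": "openshift.io/sa.scc.uid-range",
}


def parse_scc_range(value):
    """Return a list of inclusive (lo, hi) blocks for an SCC range annotation.

    "1000820000/10000"              -> [(1000820000, 1000829999)]
    "1000820000-1000829999,2000/10" -> [(1000820000, 1000829999), (2000, 2009)]
    """
    blocks = []
    for part in value.split(","):
        part = part.strip()
        if "/" in part:
            start, size = (int(x) for x in part.split("/", 1))
            if size < 1:
                raise ValueError(f"block size must be positive: {part!r}")
            blocks.append((start, start + size - 1))
        elif "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
            blocks.append((lo, hi))
        else:
            raise ValueError(f"unrecognised SCC range block: {part!r}")
    return blocks


def in_scc_range(value, annotation_value):
    """True when `value` falls inside any block of the annotation."""
    return any(lo <= value <= hi for lo, hi in parse_scc_range(annotation_value))


def check_pod_security_context(security_context, annotations):
    """Map each range-constrained field in a pod securityContext to (value, allowed).

    Only fields present in `security_context` are reported; a list-valued field
    (supplementalGroups) is allowed only if every entry is in range.
    """
    report = {}
    for field, annotation in FIELD_TO_ANNOTATION.items():
        if field not in security_context:
            continue
        raw = security_context[field]
        values = raw if isinstance(raw, list) else [raw]
        allowed = all(in_scc_range(v, annotations[annotation]) for v in values)
        report[field] = (raw, allowed)
    return report


if __name__ == "__main__":
    # The three fsGroup candidates from the Deployment comments above.
    for candidate in (1000820000, 0, 27):
        print(candidate, check_pod_security_context({"fsGroup": candidate}, PROJECT_ANNOTATIONS))
```

Run against the mj-aro annotations, only 1000820000 is reported as allowed; 0 (root) and 27 (the mysql group) sit outside the 10000-value block starting at 1000820000, matching what the commented lines in the Deployment record.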
---
# oc create sa storage-sa --dry-run=client -o yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: storage-sa
---
# oc adm policy add-scc-to-user anyuid -z storage-sa --dry-run=client -o yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: system:openshift:scc:anyuid
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:openshift:scc:anyuid
subjects:
- kind: ServiceAccount
  name: storage-sa
  namespace: mj-aro